
user00265 at gmail
Oct 11, 2005, 6:25 AM
Post #10 of 14
fail2ban is not in the Portage tree; you need to install it manually or via an ebuild in an overlay. This was discussed in another thread on this mailing list.

As per another discussion on this list, what you have to do is:

- create a local overlay: /usr/local/portage and then net-firewall/fail2ban
- declare this overlay in your make.conf
- copy fail2ban-0.5.4.ebuild (see below) into /usr/local/portage/net-firewall/fail2ban/
- create a new directory under fail2ban called 'files'
- copy fail2ban-0.5.4.tar.bz2 from sourceforge into this new directory
- run "ebuild fail2ban-0.5.4.ebuild digest"

And then simply emerge fail2ban.

Here is the ebuild:

-----------------------------
# Distributed under the terms of the GNU General Public License v2

DESCRIPTION="Bans IP that make too many password failures"
HOMEPAGE="http://sourceforge.net/projects/fail2ban"
SRC_URI="mirror://sourceforge/fail2ban/${P}.tar.bz2"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~x86 ~amd64"
IUSE=""

DEPEND=">=dev-lang/python-2.3"

src_install() {
	# Use python setup
	python setup.py install --root="${D}" || die

	# Use fail2ban.conf.default as default config file
	insinto /etc
	newins config/fail2ban.conf.default fail2ban.conf

	# Install initd scripts
	exeinto /etc/init.d
	newexe config/gentoo-initd fail2ban
	insinto /etc/conf.d
	newins config/gentoo-confd fail2ban

	# Doc
	doman man/*.[0-9]
	dodoc CHANGELOG README TODO
}

pkg_postinst() {
	# The user must edit the config file
	echo ""
	einfo "Please edit /etc/fail2ban.conf with parameters"
	einfo "which correspond to your system."
	echo ""
}

On 10/11/05, woody < cyril [at] toysnet> wrote:
>
> Jochen Maes wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hey all,
> >
> >
> > ok on one of my servers i keep on getting one iprange that tries to
> > login through ssh (200-300) attempts with other usernames.
> > This is probably a script that's being run all the time, but the isp
> > doesn't mind, i already sent my logs and my complaints and i don't
> > get any response.
> > Is there something like hackerwatch that i can send those logs to
> > (preferably automatically) when happening?
> > I've blocked the range now so isn't a problem but hate it that the isp
> > does nothing against it.
>
> have a look at fail2ban..
>
> diabolo prod # emerge -s fail2ban
> Searching...
> [ Results for search key : fail2ban ]
> [ Applications found : 1 ]
>
> * net-firewall/fail2ban
> Latest version available: 0.5.4
> Latest version installed: 0.5.4
> Size of downloaded files: 18 kB
> Homepage: http://sourceforge.net/projects/fail2ban
> Description: Bans IP that make too many password failures
> License: GPL-2
>
>
> >
> > greetings,
> >
> > SeJo
> >
> > - --
> > "Defer no time, delays have dangerous ends"
> >
> > Jochen Maes Gentoo Linux
> > Gentoo Belgium
> > http://sejo.be
> > http://gentoo.be
> > http://gentoo.org
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQFDSjnYMXMsRNMHhmARAoXVAJ92bRcBAO04hIUk2VgBOcpm1gm9cgCgmNHe
> > ZPNqAHab5fXLdx11vdod5rc=
> > =35Kg
> > -----END PGP SIGNATURE-----
> >
>
> --
> gentoo-security [at] gentoo mailing list
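Added example, not part of the original post and not fail2ban's own code: the kind of check the ebuild's DESCRIPTION refers to, counting failed sshd password attempts per source address inside a time window. The log lines, threshold, window and function names are assumptions constructed for the example, and the per-/24 total goes beyond the post to cover the "one iprange" case from the quoted message.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Oct 11 06:01:02 host sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2
Oct 11 06:01:05 host sshd[412]: Failed password for invalid user test from 192.0.2.10 port 4002 ssh2
Oct 11 06:01:09 host sshd[413]: Failed password for root from 192.0.2.10 port 4003 ssh2
Oct 11 06:02:00 host sshd[414]: Failed password for invalid user guest from 192.0.2.77 port 4004 ssh2
Oct 11 06:03:00 host sshd[415]: Accepted password for alice from 198.51.100.5 port 4005 ssh2
Oct 11 06:04:00 host sshd[416]: Failed password for alice from 198.51.100.5 port 4006 ssh2
Oct 11 06:30:00 host sshd[417]: Failed password for alice from 198.51.100.5 port 4007 ssh2
Oct 11 07:00:00 host sshd[418]: Failed password for alice from 198.51.100.5 port 4008 ssh2
"""

# The user name is chosen by the client, so the address is taken from the
# fixed tail of the line rather than from the first "from" that appears.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r".* from (\d+\.\d+\.\d+\.\d+) port \d+ ssh2$")

def parse_failures(log_text, year=2005):
    """Yield (timestamp, ip) for each failed-password line; syslog omits the year."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def find_offenders(log_text, max_failures=3, window=timedelta(minutes=10)):
    """Return IPs that reach max_failures failed logins within one window."""
    recent = defaultdict(list)          # ip -> failure times still in the window
    offenders = []
    for ts, ip in parse_failures(log_text):
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= max_failures and ip not in offenders:
            offenders.append(ip)
    return offenders

def failures_by_range(log_text):
    """Count failures per /24, for sources that rotate addresses in a range."""
    counts = defaultdict(int)
    for _, ip in parse_failures(log_text):
        counts[ip.rsplit(".", 1)[0] + ".0/24"] += 1
    return dict(counts)

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
    print(failures_by_range(SAMPLE_LOG))
```

The slow retries from 198.51.100.5 stay under the threshold with the 10-minute window, which is why the window length matters as much as the failure count.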